#!/usr/bin/env bash

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

# This script is a wrapper that creates the same user inside the container as the
# one running docker/build.sh outside the container. It also sets the home directory
# for the user inside the container to match the absolute path of the workspace
# outside the container.  Do not run this manually; it does not make sense. It is
# intended to be called by ci_build.sh only.

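set -e

# NOTE: sudo uses the env_reset option to reset environment variables to a secure bare minimum.
# The --preserve-env option used further down passes those variables through to the invoked
# process; however, this appears not to affect the environment used with execve, so the binary
# to run is resolved here, using the $PATH specified in the Dockerfile.
#
# The lookup therefore happens in this (privileged) shell, before the switch to the build
# user: whichever directory comes first in the current $PATH decides which file gets executed.
if [[ $# -lt 1 ]]; then
  echo "usage: ${0##*/} <command> [args...]" >&2
  exit 1
fi

# Stop with a clear message if the command cannot be found, rather than
# handing sudo an empty program name.
if ! resolved_command="$(which "$1")" || [[ -z "${resolved_command}" ]]; then
  echo "${0##*/}: cannot resolve '$1' using PATH=${PATH}" >&2
  exit 1
fi
shift

# COMMAND holds the absolute program path followed by the caller's arguments,
# one array element per argument so whitespace inside arguments is preserved.
COMMAND=( "${resolved_command}" "$@" )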

# Check that the root filesystem accepts writes: create a marker file at / and
# remove it again. If the marker cannot be created, print a hint and abort.
writable_probe=/this_is_writable_file_system
if touch "${writable_probe}"; then
  rm "${writable_probe}"
else
  echo "You can't write to your filesystem!"
  echo "If you are in Docker you should check you do not have too many images" \
      "with too many files in them. Docker has some issue with it."
  exit 1
fi

# Make sure a group with the host's GID exists inside the container.
# getent's output is not redirected, so an existing entry is echoed to the log.
if ! getent group "${CI_BUILD_GID}"; then
  # Ensure "${CI_BUILD_GROUP}" is not already some other gid inside container;
  # if the name is taken, create the group under the name with a "2" suffix.
  # NOTE(review): the group name is interpolated into a grep regex, so regex
  # metacharacters in it would be read as pattern syntax.
  new_group_name="${CI_BUILD_GROUP}"
  if grep -q "^${CI_BUILD_GROUP}:" /etc/group; then
    new_group_name="${CI_BUILD_GROUP}2"
  fi
  addgroup --force-badname --gid "${CI_BUILD_GID}" "${new_group_name}" >/dev/null
fi

# Create the tvm-venv group if the container does not have it yet.
if ! getent group tvm-venv; then
  addgroup tvm-venv >/dev/null
fi
# Create the build user with the host's UID/GID unless that UID already exists.
# The account has no password (--disabled-password) and its home directory is
# ${CI_BUILD_HOME}.
if ! getent passwd "${CI_BUILD_UID}"; then
  adduser --force-badname --gid "${CI_BUILD_GID}" --uid "${CI_BUILD_UID}" \
      --gecos "${CI_BUILD_USER} (generated by with_the_same_user script)" \
      --disabled-password --home "${CI_BUILD_HOME}" --quiet "${CI_BUILD_USER}"
fi

# Append supplementary groups to the build user.
# NOTE(review): -G is passed twice per call; usermod may honour only the last
# list, in which case "sudo" is never actually added here. Confirm with
# `id "${CI_BUILD_USER}"` and, if so, decide whether `-G sudo,<group>` was intended.
for supplementary_group in tvm-venv dialout; do
  usermod -a -G sudo -G "${supplementary_group}" "${CI_BUILD_USER}"
done

# ROCm: when ROCM_ENABLED is set to a non-empty value, also put the build user
# in the "video" group.
if [[ -n "${ROCM_ENABLED-}" ]]; then
  usermod -a -G video "${CI_BUILD_USER}"
fi

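# This is a grotesque hack to get PYTEST_ADD_OPTS available to all task scripts.
# NOTE(review): how this line achieves that is not visible in this file.
#
# What the line does: it installs a sudoers drop-in that lets the build user run
# any command as any user without a password. That is full root inside the
# container, so it is only appropriate for throwaway build containers.
# NOTE(review): ${CI_BUILD_USER} is written into the sudoers file unvalidated;
# it is presumably supplied by the trusted ci_build.sh caller - confirm.
sudoers_dropin=/etc/sudoers.d/90-nopasswd-sudo
echo "${CI_BUILD_USER} ALL=(ALL) NOPASSWD:ALL" > "${sudoers_dropin}"
# Pin the conventional sudoers mode instead of inheriting whatever the umask
# produced; sudo checks the permissions of the files it loads.
chmod 0440 "${sudoers_dropin}"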

# CUDA_ENV is "CUDA_VISIBLE_DEVICES=<value>" when that variable is set and
# non-empty, and the empty string otherwise. It is spliced into the sudo
# command line at the end of this script.
CUDA_ENV="${CUDA_VISIBLE_DEVICES:+CUDA_VISIBLE_DEVICES=${CUDA_VISIBLE_DEVICES}}"

# For hexagon images outside CI (CI is anything other than "true"), remove every
# "/opt/sccache:" entry from PATH.
if [[ "$CI_IMAGE_NAME" == *hexagon* && "${CI:-false}" != "true" ]]; then
  PATH="${PATH//\/opt\/sccache:/}"
fi

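# Switch to the build UID and run the requested command.
#
# The VAR=value words are passed to sudo as explicit environment assignments for
# the target process, in addition to --preserve-env. Every expansion is quoted:
# an unquoted value containing whitespace or glob characters would be split into
# several words, and the stray word would shift what sudo treats as the command
# to run. CUDA_ENV is a complete "NAME=value" word or empty; the ${VAR:+...} form
# drops it entirely when empty instead of passing an empty argument.
sudo -u "#${CI_BUILD_UID}" --preserve-env \
  ${CUDA_ENV:+"${CUDA_ENV}"} \
  PATH="${PATH}" \
  JAVA_HOME="${JAVA_HOME-}" \
  LD_LIBRARY_PATH="${LD_LIBRARY_PATH-}" \
  PYTHONPATH="${PYTHONPATH-}" \
  CI_IMAGE_NAME="${CI_IMAGE_NAME-}" \
  HOME="${CI_BUILD_HOME-}" \
  "${COMMAND[@]}"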
